Re: Avast or Zone Alarm using proxy server?

From: Gerald Vogt (vogt_at_spamcop.net)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 10:14:42 +0900

Roger Wilco wrote:
> "Gerald Vogt" <vogt@spamcop.net> wrote in message
> news:42145270$0$975$44c9b20d@news2.asahi-net.or.jp...
>>>He's not all wrong - and I wonder why he makes a distinction between
>>>XP's firewall and another. Anybody serious about security will have
> a
>>>dedicated firewall device not some software running on the machine
> that
>
>>>hopes to be protected. He is absolutely correct about not battling
>>>security with complexity.
>>
>>Which firewall do you mean with "another"?
>
> XP's firewall. To me XP's firewall is a PFW - just not an aftermarket

Sorry I don't follow. "XP's firewall and another" with another = "XP's
firewall"?

> one. Is there something sprcial about XP's firewall that makes it any
> more "real" than any other software running locally?

It's not preferable to a HW FW. But it is magnitude better than a
standard commercial PFW that does protect the user against everything
and anything including himself. From the software design point of view
the XP SP2 FW is much more likely to do what it is supposed to to and
less vulnerable than a PFW.

> PFW's do come with a lot of nifty security related features in addition
> to control of ports, like application control, logging, packet
> inspection etc...but a real firewall sits between and if it gets

Yes, but these features only work in limited scenarios and are never
100% secure. The problem is, people rely on things like application
control and are extremely surprised when you demonstrate how easy it is
for an application to send data out although the PFW is running. The PFW
does nice things but you have to know what is actually does and can
accomplish. The marketing people of PFWs won't tell you that...

Gerald

Relevant Pages

  • Re: Can I protect myself against network attacks?
    ... > can peacefully coexist with a PFW. ... > because there are effects from the attack; ... after it disabled the firewall. ... listening and the IP stack would just drop packets for any port. ...
    (comp.security.firewalls)
  • Re: Can I protect myself against network attacks?
    ... I consider the SP2 PFW "half a firewall", and many I've read say it ... or listening in, and no virus or trojans from a system scan via KAV. ... After all, the attacks did ...
    (comp.security.firewalls)
  • Re: Firewall yes, but where?
    ... The PFW solutions do have a ... Control that can be fooled. ... A real firewall has some specific characteristics ... people do use a PFW solution on a gateway computer as well, ...
    (comp.security.firewalls)
  • Re: Why you should use a firewall on Win98
    ... > filtering firewall or indeed any firewall, ... If you like the outbound firewall you can use it. ... With a PFW it's all there and nobody ... message the warning that there is a phising e-mail in my Trashbin once ...
    (comp.security.firewalls)
  • Re: Billige Notebooks
    ... Welche Personal Firewall würdest du denn auf einem Windows-PC installieren? ... Mein Internetprovider bietet mir bei meinem Tarif *kostenlos* "Norton ... eine PFW ganz sparen. ... weil sie eben dabei ist. ...
    (de.comp.sys.notebooks)
Quantcast